Principal Cyber Security Analyst

The Scottish Government

At Social Security Scotland, security is fundamental to delivering trusted public services. We're looking for an exceptional Principal Cyber Security Analyst to lead our Security Operations capability, helping us defend critical systems, protect sensitive data, and respond to an evolving cyber threat landscape. This is an opportunity to combine strategic leadership with hands-on technical expertise while making a genuine difference to the lives of people across Scotland.

As a senior technical leader within the Security Operations function, you will lead a team of Cyber Security Engineers and Analysts, providing both strategic direction and hands-on technical oversight. You will take ownership of the organisation’s core security tooling estate, driving continuous evolution and optimisation to ensure our capabilities remain effective against an evolving threat landscape.

You will be accountable for the design, implementation, and operation of key security technologies and services across a cloud-first environment, including:

  • Security Information and Event Management (SIEM)
  • Security Orchestration, Automation and Response (SOAR)
  • Endpoint Detection and Response (EDR/XDR)
  • Network Detection and Response (NDR)
  • Vulnerability and Exposure Management
  • Security Incident Management and Response
  • Cyber Threat Intelligence (CTI)

This role requires deep technical expertise across modern security operations tooling and architectures, with a strong understanding of how to operate and optimise these capabilities within a complex, cloud-native environment. You will be expected to articulate and influence security strategy, manage technical risk, and ensure the effective implementation of controls to mitigate cyber threats.

If you are passionate about security operations and eager to make a real difference in public services, we invite you to join our talented team and take the next step in your career.

Success Profiles

We use an assessment framework called ‘Success Profiles’ which lists the elements we test and provides detailed descriptions of each. Find out more about the framework here .

Experience

1. Experience of leading and developing cyber security teams, with the ability to design, implement and continuously improve Security Operations capabilities, including threat detection, automation, orchestration and the development of security processes and procedures to meet evolving business and threat requirements.

2. Experience of advising on organisational and technical responses to cyber security incidents, with responsibility for developing and driving incident investigation, response policies, processes and procedures.

3. Expert knowledge of system architectures, with the ability to assess and articulate the impact of vulnerabilities on existing and future systems, services and designs.

Behaviours

Communicating and Influencing (Level 4)

    You can find out more about Success Profiles Behaviours here

    Technical / Professional Skills

    This role is aligned to Principal Cyber Security Analyst within the Government Digital and Data Profession.

    Please review the following to understand the skill expectations: Cyber Security: Operations - gov.scot

    These skills will be tested during the Technical Assessment if you are successful at sift stage. They will not be assessed at application stage.

    How to Apply

    Apply online, providing a CV and Supporting Statement (of no more than 750 words) which provides evidence of how you meet the Experience and Behaviours listed in the Success Profiles above.

    Artificial Intelligence (AI) tools can be used to support your application, but all statements and examples provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, and presented as your own) applications will be withdrawn and internal candidates may be subject to disciplinary action.

    Please see our candidate guidance for more information on acceptable and unacceptable uses of AI in recruitment

    An initial sift may be completed using the CV and Supporting Statement against the first experience criteria. Candidates who pass the initial sift will have their applications fully assessed.

    Successful candidates will be invited to an Interview which will assess the experience and behaviours, and a Technical Assessment comprising a 10 minute presentation which will assess the Technical Skills.

    Full details of the interview and assessment process will be shared with shortlisted candidates once the sift has been completed.

    Please note: there may also be a telephone interview prior to the final interview stage.

    We aim to provide feedback on request. However, where a large number of applications are received, it may not be possible to give feedback to candidates who are not invited to interview or assessment. Feedback will be available on request to all candidates who attend an interview or assessment.

    Expected Timeline (subject to change)

    Sift - week commencing 27th July

    Interview – week commencing 10th August

    Location - In Person in either Dundee or Glasgow

    Reserve List

    In the event that there are more successful candidates than posts available, a reserve list will be kept for up to 12 months.

    Social Security Scotland is an Executive Agency of the Scottish Government. Our benefits help people from all walks of life in Scotland. We offer rewarding careers and employ people across Scotland in a wide range of professions and roles. We are committed to recruiting a diverse workforce that is representative of the clients we serve. Find more about us here.

    We offer a supportive and inclusive working environment along with a wide range of employee benefits.

    As part of the UK Civil Service , we uphold the Civil Service Nationality Rules .

    GDD Pay Supplement

    This post is part of the Government Digital and Data (GDD) profession and currently attracts a £4,000 annual GDD pay supplement, which is paid monthly. Pay supplements are reviewed regularly.

    Working Pattern

    Our standard hours are 35 hours per week and we offer a range of flexible working options, depending on the needs of the role. We embrace a hybrid working style where all colleagues will spend time in either our Glasgow or Dundee offices. There is an expectation of a minimum 2 days per week in your assigned location, which will be either Glasgow or Dundee. If you have specific questions about the role you are applying for, please contact us.

    Security Checks

    This post requires the successful candidate to clear additional National Security Vetting clearance (Security Check) aswell as a Baseline Personnel Security Standard (BPSS) before a start date can be offered. BPSS is comprised of four main pre-employment checks – Identity, Right to work, Employment History and a Criminal Record check (unspent convictions).

    Further information regarding National Security Vetting clearance levels can be found here - National Security Vetting: Clearance Levels - GOV.UK

    Equality Statement

    Social Security Scotland are committed to equality and inclusion, and we aim to recruit a diverse workforce that reflects the population of our nation.

    Social Security Scotland are a Disability Confident Employer. We will consider and implement any reasonable adjustments you may require throughout the recruitment process and during the course of your employment, should you be successful in securing a post. If you feel you may require assistance with any part of our recruitment process, please contact us at ***email_hidden***.

    Find out more about our commitment to diversity and how we offer and support recruitment adjustments for anyone who needs them.

    Right to Work in the UK

    Social Security Scotland is an approved sponsor under the UK Visa and Immigration (UKVI) Skilled Worker route. Please note that UK immigration guidance, including skill and salary thresholds and eligible occupations, is reviewed regularly and subject to change. If you require visa sponsorship, you should check the latest criteria to confirm whether this role meets current requirements before applying. You can find further advice on Gov.UK - Skilled Worker visa: Overview - GOV.UK

    Further Information

    Social Security Scotland’s recruitment processes are underpinned by the recruitment principles of the Civil Service Commissioner, which outline that selection for appointment be made on merit on the basis of fair and open competition - Recruitment - Civil Service Commission

    If you feel at any time your application has not been treated in accordance with the values in the Civil Service Code and/or if you feel the recruitment has been conducted in such a way that conflicts with the Civil Service Commissioner’s Recruitment Principles, you can make a complaint, by contacting Social Security Scotland at [email protected] in the first instance. If you are not satisfied with the response you receive you can contact the Civil Service Commissioner.

    The successful candidate will be expected to remain in post for a minimum of 3 years unless successful in gaining promotion to a higher Band or Grade.

    Find out more about our organisation, what we offer staff members and how to apply on our Careers Website.

    Read our Candidate Guide for further information on our recruitment and application processes.

    If you experience any difficulties accessing our website or completing the online application form, please contact the Resourcing Team via [email protected]

    Apply before 23:55 on 23rd July 2026

    Contact Name - Resourcing Team

    Contact email – ***email_hidden***

    Responsibilities

    • Lead and develop the Security Operations team, establishing governance, standards and performance measures that drive effective threat detection, incident response and continuous improvement, aligned to organisational risk appetite and a cloud-first strategy.
    • Own and optimise the organisation's security tooling and detection platforms, ensuring they are effectively integrated, maintained and continuously enhanced to deliver scaleable, automated security operations.
    • Build and influence relationships with senior stakeholders, acting as a trusted adviser and key point of contact on all aspects of cyber security.
    • Provide expert cyber security leadership and authoritative guidance on the implementation and operation of security controls across the organisation and wider government community.
    • Understand user and business needs, identifying emerging technology trends and usage patterns to help shape effective, risk-based security policies and controls.
    • Deliver strategic cyber security initiatives that support the Cyber Security Strategy and strengthen the management of business risk, information security and data protection.
    • Lead and continuously improve incident management, investigation and response processes, ensuring effective preparation for and response to cyber security incidents.
    • Manage the assessment and response to cyber threats, maintaining the confidentiality, integrity, availability and compliance of organisational systems and information.
    • Lead security testing activities, overseeing the design, delivery and assessment of exercises and reviews while ensuring compliance with relevant policies, procedures and standards.
    • Develop and maintain cyber security policies, standards and guidance that meet business, technology and legal requirements, and reflect industry best practice.